WO2014010087A1 - Communication control device, communication device, and program - Google Patents

Publication number
WO2014010087A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
information
communication
key
unit
Application number
PCT/JP2012/068012
Other languages
English (en)
Japanese (ja)
Inventor
嘉一 花谷
上林 達
大場 義洋
Original Assignee
株式会社東芝
Application filed by 株式会社東芝
Priority to PCT/JP2012/068012 (WO2014010087A1)
Priority to JP2014524578A (JP5813872B2)
Publication of WO2014010087A1
Priority to US14/589,462 (US10715345B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/189 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast in combination with wireless systems
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/08 User group management
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/186 Processing of subscriber group data

Definitions

  • Embodiments described herein relate generally to a communication control device, a communication device, and a program.
  • Dynamic group management allows groups to be managed flexibly according to the situation, but ensuring scalability is an issue.
  • The present invention has been made in view of the above, and an object of the present invention is to provide a communication control device, a communication device, and a program capable of realizing dynamic group management while ensuring scalability.
  • The communication control device of the embodiment is connected to a plurality of communication devices, and includes a group information storage unit, a compressed information generation unit, and an output unit.
  • The group information storage unit stores group information including a group ID for identifying a group and a device ID for identifying a communication device belonging to the group.
  • The compressed information generation unit generates compressed information obtained by compressing the device ID included in the group information.
  • When group information is updated, the output unit outputs output information, including specifying information for specifying the updated group and compressed information in which the device ID included in the updated group information is compressed, to a set of communication devices including the communication device identified by the device ID included in the group information.
  • FIG. 1 is a block diagram of a communication system according to a first embodiment.
  • FIG. The block diagram of the communication control apparatus and management apparatus of the modification 2.
  • FIG. The block diagram of the communication control apparatus and management apparatus of the modification 2.
  • FIG. The block diagram of the communication system concerning 3rd Embodiment.
  • FIG. The sequence diagram of the communication processing by the communication system of the modification 3.
  • The communication system determines the group to which a node belongs based on a group ID dynamically assigned to a communication device (hereinafter referred to as a node) by the communication control device.
  • The group ID is identification information for identifying a group.
  • Information including the group ID is transmitted by multicast communication or broadcast communication. For this reason, the information including the group ID may reach nodes other than the nodes to be changed.
  • The signature of the communication control device is added to information that efficiently represents the device IDs identifying the nodes to be changed (hereinafter referred to as node IDs). Thus, forgery of a dynamic group change command is prevented. With the above processing, dynamic group control is possible while achieving both scalability and security.
  • Each node records its own node ID and the verification key of the communication control device in advance.
  • The node compares the information representing the node IDs to be updated, included in the received command, with its own node ID. If its own node ID is an update target, the node verifies the signature included in the command and, if the verification passes, changes the group ID of the group to which it belongs to the group ID included in the command.
  • Each node may hold a plurality of node IDs depending on the purpose.
  • A node having a plurality of node IDs checks whether it holds a node ID that is the target of the command. The same processing is then performed.
  • In the present embodiment, dynamic group control does not require sending a group ID by unicast communication or performing new authentication between the node and the communication control device, as was necessary in the past.
  • Because the list of node IDs targeted by a command is expressed efficiently, the communication cost can be reduced even when a command for many nodes is issued.
  • If node IDs are assigned in consideration of attributes such as the network configuration, node usage, node manufacturer, and node installation location (geographical location information), the efficiency of the list of command-target node IDs can be kept from decreasing.
  • FIG. 1 is a block diagram illustrating an example of a configuration of a communication system according to the first embodiment.
  • The communication system of this embodiment has a configuration in which nodes 200a to 200f and a communication control apparatus 100 are connected by a network 60.
  • Any form of network, such as the Internet, can be applied as the network 60.
  • The nodes 200a to 200f do not need to be directly connected to the communication control apparatus 100.
  • The communication control device 100 is not limited to one, and the system may be configured to include two or more communication control devices. Since the nodes 200a to 200f have the same configuration, they may be simply referred to as the node 200 below. The number of nodes 200 is not limited to six.
  • The communication control device 100 transmits a group change command to each node 200.
  • The group change command includes, for example, information indicating the node IDs to be updated, a group ID, and a signature.
  • FIG. 2 is a block diagram illustrating a configuration example of the communication control apparatus 100.
  • The communication control apparatus 100 includes a signature key storage unit 121, a group information storage unit 122, an address storage unit 123, a reception unit 101, a group information processing unit 102, and an ID generation unit 103.
  • The signature key storage unit 121 stores a signature key used for generating a signature.
  • The group information storage unit 122 stores group information including a group ID and the node IDs of the nodes 200 belonging to the group identified by the group ID. That is, the group information storage unit 122 stores the group ID and the node IDs of the nodes 200 belonging to the group identified by the group ID in association with each other.
  • FIG. 3 is a diagram illustrating an example of a data structure of group information. As shown in FIG. 3, the group information includes a group ID and one or more node IDs. Note that the data structure of FIG. 3 is an example, and a data structure other than the table format may be used. A certain node 200 may belong to a plurality of groups. In this case, a plurality of group IDs exist for the node ID of the node 200.
  • The address storage unit 123 stores the addresses to which the output unit 106 outputs information.
  • FIG. 4 is a diagram illustrating an example of a data structure of data stored in the address storage unit 123. As illustrated in FIG. 4, the address storage unit 123 stores data in which an address is associated with the node IDs associated with that address. The address is, for example, a multicast address for transmitting information by multicast communication to the nodes 200 of the corresponding node IDs. When multicast communication is not used (for example, when broadcast communication is used), the address storage unit 123 need not be provided.
  • The receiving unit 101 receives various information from an external device such as the node 200.
  • The receiving unit 101 receives, for example, a group control request and information specifying a group control target.
  • The group control request is a request for creating a new group, changing a group (such as changing the nodes 200 belonging to a group), and the like. Note that group control may be executed not only when a group control request is received from an external device, but also when the communication control device 100 itself determines that group control is necessary.
  • The receiving unit 101 sends the group control request and the information designating the group control target (input information) to the group information processing unit 102.
  • The group information processing unit 102 executes processing for issuing a group management command according to the input information. First, the group information processing unit 102 determines whether or not a new group needs to be generated. When the group information processing unit 102 determines that it is not necessary to generate a new group, it performs the following group management process.
  • When a new group needs to be generated, the group information processing unit 102 requests the ID generation unit 103 to generate a group ID to be assigned to the new group.
  • The ID generation unit 103 generates a new group ID in response to the request.
  • The ID generation unit 103 may generate a group ID by any method. For example, an appropriate method may be chosen according to the purpose of the group, from among a method of using a randomly selected character string as the group ID and a method of using as the group ID a character string that concatenates the IP address of a device representing the group with a group attribute.
  • The group information processing unit 102 performs the following group management process using the generated group ID.
  • The group information processing unit 102 reads group information including a list of the appropriate group IDs and node IDs from the group information storage unit 122, and creates a list of group IDs and node IDs to be distributed.
  • The group ID and node IDs to be distributed are the group ID of the group that is the target of new group creation or group change, and the node IDs of the nodes 200 that belong to the group with this group ID.
  • The group information processing unit 102 further includes an assigning unit 102a.
  • The assigning unit 102a assigns node IDs to the nodes 200. As described above, if node IDs are assigned in consideration of attributes of the node 200 such as the configuration of the network 60 to which it is connected, its usage, its manufacturer, and its location, the efficiency of the list of node IDs to be distributed (the compression efficiency) can be kept from decreasing. For example, when a plurality of nodes 200 from the same manufacturer are moved to another group at one time, assigning node IDs with values close to each other to the nodes 200 of that manufacturer increases the compression efficiency when compression by a numerical range is applied. Therefore, the assigning unit 102a assigns node IDs so that the difference between the node IDs assigned to nodes 200 whose attributes are similar or identical is smaller than the difference between the node IDs of nodes 200 whose attributes differ.
  • The compressed information generation unit 104 generates compressed information that expresses the list of node IDs to which the group ID is to be distributed.
  • As the compression method, for example, a method using wildcard characters, a method using numerical ranges, a method using a general compact code, or the like can be applied.
  • The compression method is not limited to these. Any compression method can be used as long as the node IDs included in the node ID list can be uniquely decoded.
  • FIG. 5 is a diagram showing an example of a compression method using wildcard characters.
  • The wildcard character “*”, which corresponds to both 0 and 1, is used.
  • Suppose that “000”, “001”, “100”, and “101” are included in the list of node IDs (node ID list).
  • “000” and “001” are converted to the wildcard expression “00*”.
  • “100” and “101” are converted to “10*”.
  • “00*” and “10*” are converted to “*0*”. The process is repeated until no further conversion of this kind can be performed.
  • “*0*” is obtained as the final wildcard expression.
  • Bit strings are associated with 0, 1 and * in advance.
  • The bit strings “00”, “11”, “10”, and “01” are associated with “0”, “1”, “*”, and “*”, respectively.
  • From the resulting “*0*”, the compressed expression “100010” is obtained by concatenating the corresponding bit strings. That is, a node ID list that needs at least 12 bits is compressed into 6 bits of compressed information.
  • Compressed information may be generated from information obtained by applying the above-described compression method.
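The wildcard conversion of FIG. 5 can be written out as follows. This is an added example, not code from the patent: the function names are hypothetical, and concatenating several fixed-length patterns when a list does not collapse to one pattern is an assumption that goes beyond the single-pattern case in the text.

```python
from itertools import product

# 2-bit symbol codes from the text; "01" is a second code that also means "*".
ENCODE = {"0": "00", "1": "11", "*": "10"}
DECODE = {"00": "0", "11": "1", "10": "*", "01": "*"}


def merge(p, q):
    """Return the merged pattern if p and q differ in exactly one 0/1 position."""
    diff = [i for i, (a, b) in enumerate(zip(p, q)) if a != b]
    if len(diff) == 1 and {p[diff[0]], q[diff[0]]} == {"0", "1"}:
        return p[:diff[0]] + "*" + p[diff[0] + 1:]
    return None


def first_merge(patterns):
    """Find the first pair of patterns that can be merged, or None."""
    for i, p in enumerate(patterns):
        for q in patterns[i + 1:]:
            merged = merge(p, q)
            if merged:
                return p, q, merged
    return None


def compress(node_ids):
    """Merge pairwise until no conversion applies (greedy, not always minimal)."""
    patterns = sorted(set(node_ids))
    if not patterns:
        return []
    if len({len(p) for p in patterns}) != 1 or any(set(p) - {"0", "1"} for p in patterns):
        raise ValueError("node IDs must be bit strings of one common length")
    # Each merge replaces two patterns by one that covers exactly the same IDs,
    # so the set of covered node IDs never changes.
    while (hit := first_merge(patterns)) is not None:
        p, q, merged = hit
        patterns = sorted((set(patterns) - {p, q}) | {merged})
    return patterns


def encode(patterns):
    """Concatenate the 2-bit codes of every symbol of every pattern."""
    return "".join(ENCODE[s] for p in patterns for s in p)


def decode(bits, id_len):
    """Recover the patterns; the receiver uses the length of its own node ID."""
    if len(bits) % (2 * id_len) or set(bits) - {"0", "1"}:
        raise ValueError("malformed compressed information")
    symbols = [DECODE[bits[i:i + 2]] for i in range(0, len(bits), 2)]
    return ["".join(symbols[i:i + id_len]) for i in range(0, len(symbols), id_len)]


def expand(patterns):
    """All node IDs covered by the patterns (used to check losslessness)."""
    return {"".join(bits) for p in patterns
            for bits in product(*("01" if s == "*" else s for s in p))}


def is_target(bits, node_id):
    """Node-side check: does any decoded pattern match this node ID?"""
    return any(all(s in ("*", b) for s, b in zip(p, node_id))
               for p in decode(bits, len(node_id)))


if __name__ == "__main__":
    ids = ["000", "001", "100", "101"]        # node ID list from the text
    patterns = compress(ids)
    print(patterns, encode(patterns))
    mixed = ["000", "001", "010"]             # constructed: does not collapse to one pattern
    print(compress(mixed), encode(compress(mixed)))
    print(is_target(encode(patterns), "101"), is_target(encode(patterns), "010"))
```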
  • The signature generation unit 105 calculates (generates) a signature over the compressed information and the group ID to be distributed, using the signature key stored in the signature key storage unit 121.
  • The group information processing unit 102 reflects the change of the group information in the group information storage unit 122.
  • A change of group information refers to the addition of a new group ID and node ID list, the deletion of a group ID and node ID list, the update of the node ID list corresponding to a certain group ID, and the like.
  • When the group information is updated, the output unit 106 outputs output information, which includes specifying information for specifying the updated group, compressed information in which the node IDs included in the updated group information are compressed, and a signature, to a plurality of nodes that include the one or more nodes 200 identified by all node IDs in the node ID list and one or more nodes 200 not included in the node ID list. Allowing the output of the output unit 106 to reach nodes that are not group change targets reduces the calculation cost the output unit 106 needs to determine the output destinations, compared with the case where this is not allowed.
  • The output unit 106 outputs the output information to a set of nodes 200 that is managed independently of the groups and that includes at least all nodes 200 whose groups have been updated.
  • The set of nodes 200 is a set of a plurality of nodes 200 and does not necessarily match a group to which a group ID is assigned.
  • Examples of the set of nodes 200 include a set of nodes 200 that receive data by multicast communication, a set of nodes 200 that receive data by broadcast communication, that is, a set of all nodes 200, and the like.
  • The output unit 106 may transmit the output information by one or more multicast or broadcast communications to a set or group of nodes 200 that includes the nodes in the node ID list.
  • For example, the output unit 106 selects, from the addresses stored in the address storage unit 123, one or more addresses (multicast addresses) associated with the node IDs to be distributed to, and transmits the output information with those addresses as the destination. When a plurality of group IDs are assigned to a node ID held by a node 200, the output unit 106 may transmit, to the node 200 to be updated, output information that includes information that helps identify the group ID to be updated.
  • The information that helps identify the group ID is information indicating the purpose and attributes of the group managed by the group ID, the group ID to be updated itself, the higher-order bits of the group ID to be updated, or information indicating that there is no group ID to be updated and that a new group ID is assigned.
  • FIG. 6 is a block diagram illustrating a configuration example of the node 200.
  • The node 200 includes a key storage unit 221, a node ID storage unit 222, a group ID storage unit 223, a reception unit 201, a compressed information processing unit 202, a signature verification unit 203, and an update unit 204.
  • The key storage unit 221 stores the verification key of the communication control device 100.
  • The node ID storage unit 222 stores the node ID assigned to the node 200 itself.
  • The group ID storage unit 223 stores the group ID of the group to which the node 200 itself belongs.
  • The receiving unit 201 receives various types of information from external devices such as the communication control device 100 and other nodes 200. For example, the receiving unit 201 receives output information including compressed information, a group ID, and a signature from the communication control apparatus 100. The receiving unit 201 receives output information through multicast communication, broadcast communication, or the like.
  • The compressed information processing unit 202 determines, from the node ID stored in the node ID storage unit 222 and the received compressed information, whether or not its own node ID is a target of the group update process.
  • The compressed information processing unit 202 decodes the list of node IDs from the compressed information by a decoding method corresponding to the compression method used by the compressed information generation unit 104 of the communication control apparatus 100. The compressed information processing unit 202 then determines that its own node ID is a target of the group update process when its own node ID is included in the decoded list of node IDs. If the node is not a target of the group update process, the node 200 ends the process.
  • The signature verification unit 203 determines whether the signature is correct using the verification key stored in the key storage unit 221, the compressed information, and the group ID. If the signature is not correct, the node 200 ends the process.
  • When the signature is correct, the update unit 204 updates the group ID stored in the group ID storage unit 223 with the group ID included in the output information.
  • When the output information includes information that helps identify the group ID to be updated, the update unit 204 may identify the group ID to be updated using this information.
  • Each of the storage units described above can be configured by any commonly used storage medium such as an HDD (Hard Disk Drive), an optical disk, a memory card, and a RAM (Random Access Memory).
  • FIG. 7 is a flowchart illustrating an example of the update request process according to the first embodiment.
  • The receiving unit 101 receives information from an external device (step S101).
  • The group information processing unit 102 refers to the received information and determines whether it is necessary to update a group (step S102). For example, the group information processing unit 102 determines that a group needs to be updated when a group control request and input information specifying the group control target are received.
  • If no group update is required (step S102: No), the update request process is terminated.
  • If a group update is required (step S102: Yes), the group information processing unit 102 determines whether or not a new group needs to be generated (step S103). For example, the group information processing unit 102 determines that a new group needs to be generated when the group control request indicates the creation of a new group.
  • When it is necessary to generate a new group (step S103: Yes), the group information processing unit 102 generates a new group (step S104). For example, the group information processing unit 102 requests the ID generation unit 103 to generate a group ID to be assigned to the new group.
  • The compressed information generation unit 104 reads the group information of the group to be processed from the group information storage unit 122 (step S105).
  • The compressed information generation unit 104 generates compressed information from the node IDs included in the read group information (step S106).
  • The signature generation unit 105 generates a signature over the generated compressed information and the group ID of the group to be processed, using the signature key stored in the signature key storage unit 121 (step S107).
  • The group information processing unit 102 updates the group information in the group information storage unit 122 (step S108). For example, in the case of a group update, the group information processing unit 102 replaces the pre-update group information stored in the group information storage unit 122 with group information in which the node IDs designated as the group control target are newly associated with the group ID of the group to be updated. When a new group is generated, the group information processing unit 102 stores, in the group information storage unit 122, group information in which the node IDs specified as the group control target are newly associated with the group ID generated in step S104.
  • The output unit 106 outputs, for example by multicast communication, the output information including the group ID included in the updated group information, the compressed information in which the node IDs included in the updated group information are compressed, and the signature (step S109).
  • FIG. 8 is a flowchart showing an example of group information update processing in the first embodiment.
  • The receiving unit 201 of the node 200 receives information from an external device (step S201). For example, the receiving unit 201 receives output information transmitted by multicast communication. If the destination address of the received output information does not match the multicast address assigned to the own device, the receiving unit 201 may discard the received information and end the process.
  • The compressed information processing unit 202 refers to the received information and determines whether or not the group needs to be updated (step S202). For example, when output information specifying the multicast address assigned to the own device is received, the compressed information processing unit 202 decodes the compressed information included in the received output information. The compressed information processing unit 202 determines that an update is necessary when the node ID list obtained by decoding includes its own node ID.
  • If no update is required (step S202: No), the node 200 ends the group information update process. If an update is necessary (step S202: Yes), the signature verification unit 203 determines whether the signature included in the output information is correct using the verification key, the compressed information, and the group ID (step S203). If the signature is not correct (step S203: No), the node 200 ends the group information update process.
  • If the signature is correct (step S203: Yes), the update unit 204 updates the group ID stored in the group ID storage unit 223 with the group ID included in the output information (step S204).
  • Output information including the group ID updated by the communication control apparatus 100 is transmitted by multicast communication or broadcast communication. The node 200 then determines from the output information whether it needs to update its own group, and updates its own group only when necessary. As a result, dynamic group management can be realized while ensuring scalability.
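The node-side flow of FIG. 8 (steps S202 to S204), as an added example that is not part of the patent text. The command layout, the length-prefixed encoding of the signed fields and all names are assumptions, and HMAC-SHA256 stands in for the controller's signature only so that the block runs with the Python standard library; with a real signature scheme each node holds only a verification key.

```python
import hashlib
import hmac
import struct

DECODE = {"00": "0", "11": "1", "10": "*", "01": "*"}   # 2-bit codes from the text
KEY = b"constructed-demo-key-0123456789ab"              # constructed sample key


def is_target(compressed, node_id):
    """S202: does the single wildcard pattern in the command match node_id?"""
    symbols = [DECODE.get(compressed[i:i + 2]) for i in range(0, len(compressed), 2)]
    return len(symbols) == len(node_id) and all(
        s in ("*", b) for s, b in zip(symbols, node_id))


def signed_bytes(compressed, group_id):
    """Length-prefix both fields so the signed message can be parsed one way only."""
    c = compressed.encode()
    return struct.pack(">H", len(c)) + c + struct.pack(">H", len(group_id)) + group_id


def sign(key, compressed, group_id):
    # Stand-in (assumption): HMAC-SHA256 instead of a signature. The page's scheme
    # keeps the signing key on the controller and a verification key on each node.
    return hmac.new(key, signed_bytes(compressed, group_id), hashlib.sha256).digest()


def verify(key, compressed, group_id, signature):
    return hmac.compare_digest(sign(key, compressed, group_id), signature)


class Node:
    def __init__(self, node_ids, verification_key, group_id):
        self.node_ids = set(node_ids)      # a node may hold several node IDs
        self.key = verification_key
        self.group_id = group_id

    def handle(self, command):
        """Process one received command: 'ignored', 'rejected' or 'updated'."""
        compressed, group_id, signature = command
        # S202: matching runs on data that is not yet authenticated, so it only
        # decides whether to spend a verification. No state changes before S203.
        if not any(is_target(compressed, n) for n in self.node_ids):
            return "ignored"
        if not verify(self.key, compressed, group_id, signature):    # S203
            return "rejected"
        self.group_id = group_id                                     # S204
        return "updated"


if __name__ == "__main__":
    # Constructed command: pattern "*0*" ("100010") and a sample group ID.
    cmd = ("100010", b"group-42", sign(KEY, "100010", b"group-42"))
    for ids in ({"101"}, {"010"}, {"010", "000"}):
        node = Node(ids, KEY, b"group-1")
        print(sorted(ids), node.handle(cmd), node.group_id)
    # Same signature, altered fields: both must be rejected by a matching node.
    print(Node({"001"}, KEY, b"group-1").handle((cmd[0], b"group-66", cmd[2])))
    print(Node({"010"}, KEY, b"group-1").handle(("101010", cmd[1], cmd[2])))
```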
  • FIG. 9 is a block diagram illustrating an example of a configuration of a communication system according to the second embodiment.
  • The communication system of this embodiment has a configuration in which nodes 200-2a to 200-2f and a communication control device 100-2 are connected by a network 60.
  • The communication control device 100-2 is not limited to one, and the system may be configured to include two or more communication control devices 100-2. Since the nodes 200-2a to 200-2f have the same configuration, they may be simply referred to as the node 200-2 below. The number of nodes 200-2 is not limited to six.
  • The group change command includes a group key in addition to information indicating the node IDs to be updated, a group ID, and a signature.
  • FIG. 10 is a block diagram illustrating a configuration example of the communication control apparatus 100-2.
  • The communication control apparatus 100-2 includes a signature key storage unit 121, a group information storage unit 122, an address storage unit 123, a device key storage unit 124-2, a reception unit 101, and a group.
  • The second embodiment differs from the first embodiment in the functions of the group information processing unit 102-2, the signature generation unit 105-2, and the output unit 106-2, and in the addition of the device key storage unit 124-2, the group key generation unit 107-2, and the MKB generation unit 108-2. The other configurations and functions are the same as in FIG. 2, the block diagram of the communication control apparatus 100 according to the first embodiment, so they are given the same reference numerals and their description is omitted here.
  • The device key storage unit 124-2 stores a list of the device keys (device key list) assigned to each node 200-2.
  • The device key storage method is arbitrary, and the device keys may be stored in a tree structure, as will be described later.
  • The group key generation unit 107-2 generates a group key used by the nodes 200-2 belonging to each group.
  • The group key is distributed to each node 200-2 belonging to the corresponding group, and is used for encryption of communication between the nodes 200-2 belonging to the group, authentication of belonging to the group, and the like. Therefore, the group key needs to be kept secret from devices outside the corresponding group.
  • The MKB generation unit 108-2 generates an MKB, which is confidential information from which only the nodes 200-2 belonging to the group can derive the group key. For example, the MKB generation unit 108-2 receives as input a group key and a list of the device keys held by the nodes 200-2 belonging to the group. From the input device key list and group key, the MKB generation unit 108-2 generates an MKB from which only a device that holds a device key included in the device key list can obtain the group key.
  • As MKB generation methods, the Complete Subtree method, the Subset Difference method, the Logical Key Hierarchy method, and the like are already known, and any of these methods can be used.
  • the signature generation unit 105-2 generates a signature with a signature key for the compressed information, the distribution target group ID, and the MKB.
  • the communication control apparatus 100-2 sends information (input information) received from the receiving unit 101 to the group information processing unit 102-2. Similar to the first embodiment, the group information processing unit 102-2 determines whether or not a new group needs to be generated from input information. When the group information processing unit 102-2 determines that it is not necessary to generate a new group, the group information processing unit 102-2 performs the following group management processing. When the group information processing unit 102-2 determines that a new group needs to be generated, the group information processing unit 102-2 uses the ID generation unit 103 to generate a new group ID and performs the following group management processing.
  • The group information processing unit 102-2 reads the appropriate list of group IDs and node IDs from the group information storage unit 122 and creates a list of group IDs and node IDs to be distributed.
  • The group information processing unit 102-2 reads the corresponding device key list from the device key storage unit 124-2, based on the list of node IDs to which the group ID is distributed. The group information processing unit 102-2 requests the group key generation unit 107-2 to generate a group key.
  • the group information processing unit 102-2 inputs the device key list and the generated group key to the MKB generation unit 108-2.
  • the MKB generation unit 108-2 generates an MKB from which only a device that holds a device key included in the device key list can obtain a group key.
  • the efficiency of the MKB to be commanded can be prevented from being lowered.
  • the group information processing unit 102-2 obtains, from the compressed information generation unit 104, compressed information obtained by compressing the node ID that is the distribution target of the group ID.
  • The tree height information corresponding to the device key used for encryption may be used as the compressed information.
  • the node ID to be distributed cannot be uniquely identified from the compressed information.
  • Each node 200-2 can determine whether or not it is the target of the group change command by trial and error, at most as many times as the number of device keys it holds.
  • Any compression method that can be uniquely decoded may be used, as may any compression method that cannot be uniquely decoded but helps identify the device key used for encryption of the MKB.
  • a bit string having no information may be assigned as the compression information.
  • the node ID to be distributed cannot be uniquely identified from the compressed information.
  • Each device can determine, by trial and error at most m×n times, whether or not it is the target of the group change command.
  • The group information processing unit 102-2 requests the signature generation unit 105-2 to generate a signature, with the signature key, for the compressed information, the distribution target group ID, and the MKB.
  • the group information processing unit 102-2 reflects the change by the update process in the group information storage unit 122.
  • The change refers to newly adding a group ID, a node ID list and a group key; deleting a group ID, a node ID list and a group key; or updating the node ID list and group key corresponding to a certain group ID.
  • The output unit 106-2 outputs the output information, which includes the compression information, the group ID, the MKB, and the signature, to a plurality of nodes that includes the nodes 200 identified by all the node IDs included in the node ID list and one or more nodes 200 that are not included in the node ID list. Allowing the output of the output unit 106-2 to reach nodes that are not targets of the group change reduces the calculation cost required for the output unit 106-2 to determine the output destination, compared with the case where this is not allowed.
  • The plurality of nodes 200 serving as output destinations of the output unit 106-2 is a set of nodes 200 managed independently of the groups; the output information is output to a set of nodes 200 that includes at least all the nodes 200 whose groups have been updated.
  • the set of nodes 200 is a set of a plurality of nodes 200 and does not necessarily match a group to which a group ID is assigned.
  • Examples of the set of nodes 200 include a set of nodes 200 that receive data by multicast communication, a set of nodes 200 that receive data by broadcast communication, that is, a set of all nodes 200, and the like.
  • output information may be output to a set of nodes 200 including all updated nodes 200 using one or more multicast communications or broadcast communications.
  • FIG. 11 is a block diagram illustrating an example of the configuration of the node 200-2 according to the second embodiment.
  • the node 200-2 includes a key storage unit 221, a node ID storage unit 222, a group ID storage unit 223, a device key storage unit 224-2, a reception unit 201, and a compressed information processing.
  • The second embodiment differs from the first embodiment in the function of the signature verification unit 203-2 and in that the device key storage unit 224-2 and the MKB processing unit 205-2 are added.
  • Other configurations and functions are the same as those in FIG. 6 which is a block diagram of the node 200 according to the first embodiment, and thus the same reference numerals are given and description thereof is omitted here.
  • the device key storage unit 224-2 stores a device key assigned to the node 200.
  • the MKB processing unit 205-2 generates a group key from the device key stored in the device key storage unit 224-2 and the MKB.
  • the signature verification unit 203-2 determines whether the signature is correct using the verification key, the compression information, the group ID, and the MKB.
  • The compression information processing unit 202 determines, from its own node ID stored in the node ID storage unit 222 and the received compression information, whether or not its own node ID is the target of the group update process. If not, the process ends.
  • When the node is a target, or may be a target, the signature verification unit 203-2 determines whether or not the signature is correct using the verification key of the communication control device 100-2 stored in the key storage unit 221, the compression information, the group ID, and the MKB. If the signature is not correct, the process is terminated.
  • Information including the device key stored in the device key storage unit 224-2 and the MKB is input to the MKB processing unit 205-2. If the node 200-2 is the target of the command, the MKB processing unit 205-2 can process the MKB correctly and therefore obtains the group key. On the other hand, when the node 200-2 is not the target of the command, the MKB processing unit 205-2 obtains an invalid group key or error information. This prevents a terminal that is not a target of the command from joining the group.
  • the node 200-2 may be assigned a plurality of sets of device keys for one node ID. In this case, information that helps to identify the device key obtained from the compressed information processing unit 202 may be input to the MKB processing unit 205-2. Information that helps identify the device key includes information such as the purpose and attribute of the device key, ID information for identifying the device key, and the like. By adding such information that helps identify the device key, the cost required for the process of selecting the device key to be used can be reduced.
  • the update unit 204 updates the group ID stored in the group ID storage unit 223 with the group ID to be updated, and ends the process.
  • the obtained group key may be configured to be stored in the key storage unit 221.
  • the group ID itself is included in the output information as the specific information for specifying the group.
  • Since the output information is also transmitted to the nodes 200 of groups other than the group to be updated, the group ID cannot be concealed.
  • an MKB corresponding to the group key and the group ID is generated and included in the output information.
  • MKB is used as identification information for identifying a group.
  • the group ID itself is removed from the output information.
  • FIG. 12 is a block diagram illustrating a configuration example of the communication control device 100-2a and the management device 300a according to the second modification.
  • the functions can be separated into a communication control apparatus 100-2a responsible for group management and command issuance, and a management apparatus 300a responsible for group key issuance and MKB generation.
  • a group information processing unit 102-2a and an output unit 106-2a are different from those in FIG.
  • a group information storage unit 122, an address storage unit 123, a reception unit 101, an ID generation unit 103, a compression information generation unit 104, and an output unit 106 are provided. Since these functions are the same as those in FIG. 10, the same reference numerals are given and the description thereof is omitted.
  • The group information processing unit 102-2a performs the same processing as the group information processing unit 102-2 in FIG. 10, creates a list of group IDs and node IDs to be distributed, and sends the created list to the output unit 106-2a as an MKB issue request.
  • the output unit 102-2a sends the group ID, target node ID, and MKB issue request received from the group information processing unit 102-2a to the management apparatus 300a.
  • When the group information processing unit 102-2a receives the MKB and the signature from the reception unit 101, it determines the information to be output by the same processing as in FIG. 10, and outputs the information from the output unit 106-2a.
  • the management apparatus 300a includes a receiving unit 301, a signature key storage unit 121, a device key storage unit 124-2, a signature generation unit 105-2, an output unit 303, a group key generation unit 107-2, and an MKB generation.
  • the group information storage unit 321 stores group information in the same manner as the group information storage unit 122.
  • the group information storage unit 321 may store only information sent by MKB, such as a group ID and a group key.
  • When the group information processing unit 302 receives the list of group IDs and target node IDs from the reception unit 301, it executes processing for generating an MKB and a signature in the same manner as the group information processing unit 102-2.
  • the output unit 303 outputs various information to the communication control apparatus 100-2a.
  • The communication method between the communication control apparatus 100-2a and the management apparatus 300a is arbitrary. For example, connecting them with a dedicated communication line further improves security.
  • the communication control device 100-2a requests the issuance of MKB by sending a group ID and a list of node IDs to be issued as commands to the management device 300a.
  • the management apparatus 300a reads the corresponding device key from the device key storage unit 124-2 based on the node ID included in the node ID list.
  • the group key generation unit 107-2 generates a group key.
  • the MKB generation unit 108-2 derives the MKB from the device key and the group key.
  • the signature generation unit 105-2 derives a signature from the MKB and the signature key stored in the signature key storage unit 121.
  • the output unit 303 sends the MKB and signature to the communication control apparatus 100-2a.
  • the communication control apparatus 100-2a outputs the compression information to be commanded, the MKB, and the signature to the node 200 as commands.
  • the management apparatus 300a may be configured to send the group key to the communication control apparatus 100-2a.
  • the communication control apparatus 100-2a can perform group authentication with the nodes 200 belonging to the group, or perform secret communication using the group key.
  • The communication control apparatus 100-2b may have a function of determining a group key. That is, the group key generation unit 107-2 may be deleted from the management apparatus 300b, and the communication control apparatus 100-2b may be configured to include a group key generation unit 109-2b having the same function as the group key generation unit 107-2.
  • FIG. 14 is a block diagram illustrating an example of a configuration of a communication system according to the third embodiment.
  • the nodes 200-2a to 200-2f are connected by the mesh network 62 by wireless communication or wired communication. Further, the nodes 200-2a to 200-2f constituting the mesh network 62 and the communication control device 100-2 are connected by the network 61 via the access devices 400a and 400b.
  • Any network form, such as the Internet, can be applied to the network 61.
  • the communication control device 100-2 is not limited to one, and may be configured to include two or more communication control devices 100-2. Since the nodes 200-2a to 200-2f have the same configuration, they may be simply referred to as the node 200-2 below. Since the access devices 400a and 400b have the same configuration, they may be simply referred to as the access device 400 below.
  • the node 200-2 also functions as the access device 400.
  • the number of mesh networks 62 configured by the node 200-2 is not limited to one, and a plurality of mesh networks 62 may exist.
  • the number of access devices 400 existing in one mesh network 62 is not limited to one, and it is sufficient that at least one access device 400 exists.
  • Since the configuration of the communication control apparatus 100-2 is the same as that of the second embodiment, the same reference numerals are given and description thereof is omitted. Further, as in the second modification, the communication control apparatus 100-2 may be realized by a plurality of apparatuses.
  • the communication control apparatus 100-2 sends a command to the command target node 200-2 by composing a command and sending the command to the access apparatus 400 in the same manner as in the second embodiment. That is, the communication control device 100-2 sends a command to the node 200-2 via the access device 400.
  • the node 200-2 performs communication via the other node 200-2 and the access device 400 constituting the mesh network 62.
  • Here the network configuration of FIG. 14 is applied to the communication control apparatus 100-2 and the node 200-2 of the second embodiment, but a network configuration as shown in FIG. 14 may instead be applied to the communication control apparatus 100 and the node 200 of the first embodiment in place of the communication control apparatus 100-2 and the node 200-2 of the second embodiment.
  • FIG. 15 is a block diagram illustrating an example of the configuration of the access device 400.
  • the access device 400 includes a receiving unit 401, a transfer processing unit 402, and an output unit 403.
  • the receiving unit 401 receives various types of information from the mesh network 62 or the network 61 to which the communication control device 100-2 is connected.
  • the transfer processing unit 402 determines the transfer destination of the information received by the receiving unit 401.
  • the output unit 403 outputs the received information to the access device 400 or the mesh network 62 based on the determination result of the transfer processing unit 402. Note that the access device 400 may have the same function as the node 200-2.
  • FIG. 16 is a block diagram illustrating an example of a configuration of a communication system according to the third modification.
  • It is assumed that the node 200-2 belonging to the mesh network is connected to the network 61 via one of the access devices 400a to 400c (for example, the access device 400a).
  • a group ID is used as information for specifying the access device 400.
  • the communication control apparatus 100-2a sends a group ID by issuing a command to the node 200-2.
  • the node 200-2 is changed to perform communication via the access device 400 specified by the group ID.
  • the communication control device 100-2a switches the access device 400 that transfers the communication of the node 200-2 by switching the designation from the group ID that specifies the access device 400a to the group ID that specifies the access device 400b.
  • the communication control device 100-2a can control the processing amount of the access device 400.
  • authentication may be performed with the access device 400 using the group key distributed from the communication control device 100-2a.
  • the MKB is distributed in advance to the new access apparatus 400, and the group key is distributed in advance from the communication control apparatus 100-2a by unicast communication.
  • If the group ID is information specifying a new access device 400, then, as in the above example, the communication control device 100-2a can move a node 200-2 by sending the group ID to the node 200-2 to be moved.
  • authentication may be performed between the access device 400 and the node 200-2 using the group key.
  • the communication system of the third modification is newly provided with a data distribution device 500.
  • The data distribution apparatus 500 holds an MKB, and a group ID and a group key issued by the communication control apparatus 100-2a through some communication means such as unicast communication.
  • the data distribution apparatus 500 distributes the data encrypted with the group key to the nodes 200-2 belonging to the group represented by the group ID.
  • the number of data distribution devices 500 is not limited to one, and a plurality of data distribution devices 500 may exist depending on the role and the network topology.
  • FIG. 17 is a sequence diagram illustrating an example of communication processing by the communication system according to the third modification.
  • FIG. 17 includes a process of switching the group to which the node 200-2 belongs from the group accessed by the access device 400a to the group accessed by the access device 400c.
  • the communication control device 100-2a requests the management device 300a to issue a group ID (GID) and a group key (GK) (step S301).
  • the MKB generation unit 108-2 of the management apparatus 300a generates an MKB in response to the request (Step S302).
  • the group information processing unit 302 updates the group information stored in the group information storage unit 321 with the group information to be changed (step S303).
  • the management device 300a transmits the group ID, group key, MKB, and signature to the communication control device 100-2a (step S304).
  • the signature is generated by the signature generation unit 105-2 of the management apparatus 300a.
  • The communication control device 100-2a designates the group ID (GID) and the group key (GK), and notifies the access device 400c of the group change (step S305). “Load balancing” represents taking over processing for load distribution. Further, the communication control apparatus 100-2a may designate the group ID (GID′) and the group key (GK′) that have been used so far, and notify the access apparatus 400a of the group change (step S306). “Remove” indicates that the process for the group becomes unnecessary.
  • the communication control device 100-2a designates a group ID (GID) and a group key (GK) to the data distribution device 500, and stores the data
  • “Update” indicates that the group key for the group is updated.
  • “Load balancing”, “remove”, and “update” are merely examples, and the reason for changing the group is not limited to these.
  • an arbitrary group change can be executed by defining a command in accordance with the purpose of the group change, such as a group change “failover” due to a failure or maintenance of the access device 400.
  • the communication control apparatus 100-2a notifies the node 200-2 of output information including the MKB and the signature (Step S308).
  • the node 200-2 obtains a group ID (GID) and a group key (GK) from the MKB included in the output information (step S309).
  • The node 200-2 identifies the access device 400a, which is the new connection destination, from the group ID, and notifies the change of the connection destination by performing authentication with the access device 400a using the group key (GK) (step S310).
  • The access device 400a connects only nodes that have passed authentication. Performing authentication using the group key (GK) reduces the processing cost of the access device 400a. Further, the access device 400c may be notified that the connection destination is changed (step S311). At that time, authentication using the group key (GK′) used so far may be performed.
  • the data distribution apparatus 500 distributes the data encrypted with the group key to the node 200-2 in response to a request or the like (step S312).
  • Instead of directly using the group key as the encryption key, the group key may be converted by a method shared in advance with the node 200-2 and the result used as the encryption key.
  • an encryption key can be derived from a group key using a public hash function or a secret hash function.
  • dynamic group management can be realized while ensuring scalability.
  • FIG. 18 is an explanatory diagram showing the hardware configuration of the devices according to the first to third embodiments.
  • The devices according to the first to third embodiments include a control device such as a CPU (Central Processing Unit) 51, storage devices such as a ROM (Read Only Memory) 52 and a RAM (Random Access Memory) 53, a communication I/F 54 that connects to a network and performs communication, and a bus 71 that connects the units.
  • the program executed by the apparatus according to the first to third embodiments is provided by being preinstalled in the ROM 52 or the like.
  • The program executed by the apparatus according to the first to third embodiments may be provided as a file in an installable format or an executable format, recorded on a computer-readable recording medium such as a CD-ROM (Compact Disk Read Only Memory), a flexible disk (FD), a CD-R (Compact Disk Recordable), or a DVD (Digital Versatile Disk).
  • the program executed by the apparatus according to the first to third embodiments may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network.
  • the program executed by the devices according to the first to third embodiments may be provided or distributed via a network such as the Internet.
  • the program executed by the apparatus according to the first to third embodiments can cause a computer to function as each unit of the above-described apparatus.
  • the CPU 51 can read a program from a computer-readable storage medium onto a main storage device and execute the program.
  • Each of the above units may be realized by software, that is, by causing a processing device such as the CPU 51 to execute a program, or may be realized by hardware such as an IC (Integrated Circuit).
  • the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage.
  • various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.
  • DESCRIPTION OF SYMBOLS: 100 Communication control apparatus; 101 Receiving part; 102 Group information processing part; 102a Allocation part; 103 ID generation part; 104 Compression information generation part; 105 Signature generation part; 106 Output part; 107-2 Group key generation part; 108-2 MKB generation part; 109-2b Group key generation unit; 121 Signature key storage unit; 122 Group information storage unit; 123 Address storage unit; 124-2 Device key storage unit; 200 Node; 201 Reception unit; 202 Compressed information processing unit; 203 Signature verification unit; 204 Update unit; 205-2 MKB processing unit; 221 Key storage unit; 222 Node ID storage unit; 223 Group ID storage unit; 224-2 Device key storage unit
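
The second embodiment's exchange (MKB generation in the communication control apparatus 100-2, then the compression-information check, signature verification and MKB processing in the node 200-2), as an added example that is not code from the patent. It assumes the Complete Subtree method over a constructed 8-leaf tree, uses tree depth as the compression information, and substitutes HMAC-SHA256 constructions for the key encryption and for the signature so that it runs on the Python standard library; all function names are hypothetical.

```python
import hashlib
import hmac
import os

HEIGHT = 3  # constructed tree: 8 leaves, heap numbering, root = 1, leaf i = 8 + i

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def device_key(master: bytes, tree_node: int) -> bytes:
    """Key of one tree node (constructed derivation, an assumption of this sketch)."""
    return mac(master, b"node" + tree_node.to_bytes(4, "big"))

def path(leaf: int) -> list:
    """Tree nodes from a leaf up to the root; the device holds one key per entry."""
    node, out = (1 << HEIGHT) + leaf, []
    while node >= 1:
        out.append(node)
        node //= 2
    return out

def cover(targets: set) -> list:
    """Complete Subtree cover: the maximal subtrees containing only target leaves."""
    def walk(node, lo, hi):
        leaves = set(range(lo, hi))
        if leaves <= targets:
            return [node]
        if not leaves & targets:
            return []
        mid = (lo + hi) // 2
        return walk(2 * node, lo, mid) + walk(2 * node + 1, mid, hi)
    return walk(1, 0, 1 << HEIGHT)

def wrap(key: bytes, group_key: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for a real AEAD or key wrap; group_key is 32 bytes."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(group_key, mac(key, b"enc" + nonce)))
    return nonce + ct + mac(key, b"tag" + nonce + ct)

def unwrap(key: bytes, blob: bytes):
    """Return the group key, or None (error information) for a wrong device key."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, b"tag" + nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, mac(key, b"enc" + nonce)))

def signed_bytes(compressed: bytes, group_id: bytes, mkb: list) -> bytes:
    """Length-prefix every field so the signed message parses one way only."""
    fields = [compressed, group_id] + list(mkb)
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def build_output(master, sign_key, group_id, targets, group_key) -> dict:
    """Controller 100-2 side: MKB, depth-only compression information, signature."""
    nodes = cover(targets)
    mkb = [wrap(device_key(master, n), group_key) for n in nodes]
    compressed = bytes(sorted({n.bit_length() - 1 for n in nodes}))
    sig = mac(sign_key, signed_bytes(compressed, group_id, mkb))  # HMAC stand-in
    return {"compressed": compressed, "group_id": group_id, "mkb": mkb, "sig": sig}

def process_output(out: dict, verify_key: bytes, held: dict):
    """Node 200-2 side: returns (group key or None, number of unwrap trials)."""
    usable = [k for n, k in held.items() if n.bit_length() - 1 in out["compressed"]]
    if not usable:
        return None, 0  # compression information says: not a target
    body = signed_bytes(out["compressed"], out["group_id"], out["mkb"])
    if not hmac.compare_digest(out["sig"], mac(verify_key, body)):
        return None, 0  # reject before touching the MKB
    trials = 0
    for key in usable:
        for entry in out["mkb"]:
            trials += 1
            group_key = unwrap(key, entry)
            if group_key is not None:
                return group_key, trials
    return None, trials

def demo():
    """Constructed run: leaves 0-3 and 6 are the targets of the group change."""
    master, sign_key, group_key = os.urandom(32), os.urandom(32), os.urandom(32)
    out = build_output(master, sign_key, b"GID-constructed", {0, 1, 2, 3, 6}, group_key)
    joined, worst = set(), 0
    for leaf in range(1 << HEIGHT):  # the output reaches every node, targets or not
        held = {n: device_key(master, n) for n in path(leaf)}
        got, trials = process_output(out, sign_key, held)
        worst = max(worst, trials)
        if got == group_key:
            joined.add(leaf)
    return joined, worst

if __name__ == "__main__":
    print(demo())
```

The depth values do not identify any node ID, yet they let each node skip device keys that cannot match; a non-target node stops after at most (usable device keys) × (MKB entries) unwrap attempts and ends with error information rather than a key.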

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a communication control apparatus, connected to a plurality of communication apparatuses, that comprises a group information storage unit, a compression information generation unit, and an output unit. The group information storage unit stores group information including group identifiers for identifying groups and apparatus identifiers for identifying the communication apparatuses belonging to the groups. The compression information generation unit generates compression information in which the apparatus identifiers included in the group information have been compressed. When the group information is updated, the output unit outputs output information, which includes determination information for determining the group identifiers included in the updated group information and also includes compression information in which the apparatus identifiers included in the updated group information have been compressed, to a set of communication apparatuses that includes the communication apparatuses identified by the apparatus identifiers included in the updated group information.
PCT/JP2012/068012 2012-07-13 2012-07-13 Communication control apparatus, communication apparatus and program WO2014010087A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/JP2012/068012 WO2014010087A1 (fr) 2012-07-13 2012-07-13 Communication control apparatus, communication apparatus and program
JP2014524578A JP5813872B2 (ja) 2012-07-13 2012-07-13 Communication control device, communication device, and program
US14/589,462 US10715345B2 (en) 2012-07-13 2015-01-05 Communication control device, communication device, computer program product, information processing apparatus, and transmitting method for managing devices in a group

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2012/068012 WO2014010087A1 (fr) 2012-07-13 2012-07-13 Communication control apparatus, communication apparatus and program

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/589,462 Continuation US10715345B2 (en) 2012-07-13 2015-01-05 Communication control device, communication device, computer program product, information processing apparatus, and transmitting method for managing devices in a group

Publications (1)

Publication Number Publication Date
WO2014010087A1 true WO2014010087A1 (fr) 2014-01-16

Family

ID=49915588

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/068012 WO2014010087A1 (fr) 2012-07-13 2012-07-13 Communication control apparatus, communication apparatus and program

Country Status (3)

Country Link
US (1) US10715345B2 (fr)
JP (1) JP5813872B2 (fr)
WO (1) WO2014010087A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016051921A (ja) * 2014-08-28 2016-04-11 株式会社東芝 通信システム
JP2016063233A (ja) * 2014-09-12 2016-04-25 株式会社東芝 通信制御装置
WO2016147303A1 (fr) * 2015-03-16 2016-09-22 株式会社東芝 Appareil, système, programme, dispositif de gestion et procédé
JP2018038077A (ja) * 2017-11-02 2018-03-08 株式会社東芝 管理装置、プログラム、システムおよび方法
US10834666B2 (en) 2017-11-08 2020-11-10 Allied Telesis Holdings K.K. Wireless communication device and method

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6029936B2 (ja) * 2012-11-02 2016-11-24 株式会社東芝 通信制御装置、通信装置およびプログラム
JP6100133B2 (ja) * 2013-09-20 2017-03-22 株式会社東芝 情報処理装置、管理装置、情報処理システム、情報処理方法、及びプログラム
CN110769421B (zh) * 2018-07-26 2021-08-13 华为技术有限公司 一种群组创建方法、装置及系统

Family Cites Families (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2001050686A1 (ja) * 2000-01-07 2004-01-08 富士通株式会社 情報送受信装置
JP3571616B2 (ja) * 2000-05-23 2004-09-29 エヌ・ティ・ティ・コムウェア株式会社 データの共有方法、端末装置および記録媒体
EP1329051A2 (fr) * 2000-10-18 2003-07-23 Koninklijke Philips Electronics N.V. Generation d'une cle de chiffrement commune
US7088822B2 (en) * 2001-02-13 2006-08-08 Sony Corporation Information playback device, information recording device, information playback method, information recording method, and information recording medium and program storage medium used therewith
JP2003318917A (ja) * 2002-04-26 2003-11-07 Sony Corp 無線通信システム、無線通信端末および無線通信システムへの参加方法
JP2004046302A (ja) * 2002-07-08 2004-02-12 Nec Corp 複数の情報機器間におけるデータ同期方法、当該方法を実行する情報処理装置、および当該方法を実行するためのプログラム
US7599496B2 (en) * 2002-08-27 2009-10-06 Pine Valley Investments, Inc. Secure encryption key distribution
US7917748B2 (en) * 2002-10-25 2011-03-29 Pine Valley Investments, Inc. Secure group secret distribution
TWI349204B (en) * 2003-01-10 2011-09-21 Panasonic Corp Group admission system and server and client therefor
US9110853B2 (en) * 2003-03-10 2015-08-18 Oracle America, Inc. Computer system with multiple classes of device IDs
JP2005276094A (ja) * 2004-03-26 2005-10-06 Hitachi Ltd 分散ストレージ装置のファイル管理方法及び分散ストレージシステム並びにプログラム
JP4442294B2 (ja) * 2004-04-09 2010-03-31 ソニー株式会社 コンテンツ再生装置,プログラム,コンテンツ再生制御方法
FI20040697A (fi) * 2004-05-19 2005-11-20 Nokia Corp Menetelmä, laite ja ohjelmisto kannettavien laitteiden tietojen päivittämiseksi
JPWO2006035813A1 (ja) * 2004-09-30 2008-07-31 シャープ株式会社 符号化装置、符号化方法、復号装置、復号方法、プログラムおよび該プログラムを記録した機械読取り可能な記録媒体
WO2006064738A1 (fr) * 2004-12-14 2006-06-22 Matsushita Electric Industrial Co., Ltd. Dispositif serveur de gestion, dispositif de reproduction de contenu et support d’enregistrement
US20060168259A1 (en) * 2005-01-27 2006-07-27 Iknowware, Lp System and method for accessing data via Internet, wireless PDA, smartphone, text to voice and voice to text
US7774010B2 (en) * 2005-07-06 2010-08-10 Nokia Corporation Peer-to-peer group management framework and methodology
JP2007060027A (ja) * 2005-08-22 2007-03-08 Canon Inc 情報処理装置及びグループ化方法
JP4784245B2 (ja) * 2005-10-04 2011-10-05 ソニー株式会社 コンテンツ処理装置,サーバ装置,通信方法およびコンピュータプログラム
JP2007221621A (ja) 2006-02-20 2007-08-30 Hitachi Kokusai Electric Inc 無線通信システムおよび無線通信システムのグループ変更方法
JP4823717B2 (ja) * 2006-02-28 2011-11-24 株式会社日立製作所 暗号通信システム、端末状態管理サーバ、暗号通信方法、および端末状態管理方法
US8180741B2 (en) * 2006-06-06 2012-05-15 Red Hat, Inc. Methods and systems for providing data objects on a token
JP4938781B2 (ja) * 2006-08-30 2012-05-23 パナソニック株式会社 情報提示装置、情報提示方法、情報提示プログラム及び集積回路
JP4842742B2 (ja) * 2006-09-05 2011-12-21 富士通株式会社 ソフトウェア管理プログラム、ソフトウェア管理方法およびソフトウェア管理装置
US8165124B2 (en) * 2006-10-13 2012-04-24 Qualcomm Incorporated Message compression methods and apparatus
US8065397B2 (en) * 2006-12-26 2011-11-22 Axeda Acquisition Corporation Managing configurations of distributed devices
JP4358239B2 (ja) * 2007-01-10 2009-11-04 株式会社東芝 Content providing system, tracking system, content providing method, and unauthorized user identification method
EP2150050B1 (fr) * 2007-04-20 2014-07-30 Nippon Hoso Kyokai Scramble key management unit, scramble key management information transmitting unit, method for scramble key output management, scramble key management program, license information management unit, unit&
EP2066092A1 (fr) * 2007-11-30 2009-06-03 NTT DoCoMo, Inc. Communication control apparatus and method
US8401195B2 (en) * 2008-09-22 2013-03-19 Motorola Solutions, Inc. Method of automatically populating a list of managed secure communications group members
US20110246474A1 (en) * 2008-12-17 2011-10-06 Koichi Abe Data management apparatus, data management method, and data management program
JP2010240896A (ja) * 2009-04-02 2010-10-28 Sharp Corp Image forming apparatus, image processing terminal, and image forming system composed of them
US8565130B2 (en) * 2009-12-16 2013-10-22 Lg Electronics Inc. Transmitting system and method of processing digital broadcast signal in transmitting system, receiving system and method of receiving digital broadcast signal in receiving system
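JP5531692B2 (ja) * 2010-03-17 2014-06-25 株式会社リコー Device management apparatus, device management system, information management method, information management program, and recording medium on which the program is recorded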
US9621930B2 (en) * 2010-05-07 2017-04-11 Deutsche Telekom Ag Distributed transcoding of video frames for transmission in a communication network
US8712391B2 (en) * 2010-12-08 2014-04-29 Qualcomm Incorporated Client-managed group communication sessions within a wireless communications system
JP5289476B2 (ja) 2011-02-04 2013-09-11 株式会社東芝 Communication apparatus and key calculation apparatus
KR101760333B1 (ko) * 2011-03-02 2017-07-21 삼성전자주식회사 Communication method of target terminal and access point for group ID management in multi-user multi-antenna transmission
JP5676331B2 (ja) 2011-03-24 2015-02-25 株式会社東芝 Root node and program
JP2012205088A (ja) 2011-03-25 2012-10-22 Toshiba Corp Node and group key update method
JP5306405B2 (ja) 2011-03-31 2013-10-02 株式会社東芝 Information processing apparatus and program
JP5670272B2 (ja) 2011-07-19 2015-02-18 株式会社東芝 Information processing apparatus, server apparatus, and program
US9509505B2 (en) * 2011-09-28 2016-11-29 Netapp, Inc. Group management of authenticated entities

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ION STOICA ET AL.: "Chord: a scalable peer-to-peer lookup protocol for Internet applications", NETWORKING, IEEE/ACM TRANSACTIONS ON, vol. 11, no. 1, 28 February 2003 (2003-02-28), pages 17 - 32, XP011077215 *
LILY CHEN: "June 14 Teleconference Minutes", 21-12-0078-00-MUGM, IEEE MENTOR, 20 June 2012 (2012-06-20) *
MIGUEL CASTRO ET AL.: "Scribe: a large-scale and decentralized application-level multicast infrastructure", SELECTED AREAS IN COMMUNICATIONS, IEEE JOURNAL ON, vol. 20, no. 8, 31 October 2002 (2002-10-31), pages 1489 - 1499, XP011065540 *
TORU KAMBAYASHI ET AL.: "Requirements for New MIH Applications", 21-12-0058-01-MUGM, IEEE MENTOR, 15 May 2012 (2012-05-15) *
TORU KAMBAYASHI ET AL.: "Security Requirements for New Use Cases", 21-12-0071-02-MUGM, IEEE MENTOR, 7 June 2012 (2012-06-07) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016051921A (ja) * 2014-08-28 2016-04-11 株式会社東芝 Communication system
JP2016063233A (ja) * 2014-09-12 2016-04-25 株式会社東芝 Communication control apparatus
WO2016147303A1 (fr) * 2015-03-16 2016-09-22 株式会社東芝 Apparatus, system, program, management device, and method
JPWO2016147303A1 (ja) * 2015-03-16 2017-04-27 株式会社東芝 Management apparatus, program, system, device, and method
US10447469B2 (en) 2015-03-16 2019-10-15 Kabushiki Kaisha Toshiba Management apparatus, computer program product, system, device, and method
JP2018038077A (ja) * 2017-11-02 2018-03-08 株式会社東芝 Management apparatus, program, system, and method
US10834666B2 (en) 2017-11-08 2020-11-10 Allied Telesis Holdings K.K. Wireless communication device and method

Also Published As

Publication number Publication date
US20150117298A1 (en) 2015-04-30
JPWO2014010087A1 (ja) 2016-06-20
US10715345B2 (en) 2020-07-14
JP5813872B2 (ja) 2015-11-17

Similar Documents

Publication Publication Date Title
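JP5813872B2 (ja) Communication control apparatus, communication apparatus, and program
EP2562957B1 (fr) Key sharing device, key sharing method, and computer program product
CN111865920A (zh) Platform for gateway authentication and identity authentication, and method thereof
JP2019522412A (ja) Registration and authorization method, apparatus, and system
JP5670272B2 (ja) Information processing apparatus, server apparatus, and program
JP5395372B2 (ja) Communication apparatus, key server, and data
CN103326850A (zh) Key generation apparatus and key generation method
JP4997769B2 (ja) Encrypted communication system, key sharing method, and key providing apparatus
JP2006236349A (ja) Peer-to-peer network information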
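JP6029936B2 (ja) Communication control apparatus, communication apparatus, and program
JP5992295B2 (ja) Communication control apparatus, communication apparatus, and program
JP6100922B2 (ja) Communication control apparatus, communication control method, program, and communication system
JP2006195755A (ja) Image input/output apparatus
JP6139622B2 (ja) Information processing apparatus and transmission method
JP3215882U (ja) Cloud storage-based file access control system
KR101146510B1 (ko) Synk database encryption system and method thereof
JP6290443B2 (ja) Communication control apparatus, communication control method, and program
KR20140004703A (ko) Controlled security domain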
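JP6162873B2 (ja) Communication control apparatus, communication apparatus, and program
JP6178472B2 (ja) Communication control apparatus, communication apparatus, and program
JP5768622B2 (ja) Message authentication system, communication apparatus, and communication program
JP6139803B2 (ja) Communication control apparatus, communication apparatus, and program
JP5739078B1 (ja) Server apparatus, communication method, and program
JP5705366B1 (ja) Server apparatus and program
JP6334679B2 (ja) Communication control apparatus, communication apparatus, and program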

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12880883

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2014524578

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12880883

Country of ref document: EP

Kind code of ref document: A1